LorMet > News > Security > FBI Warns of Account Takeover Fraud: How to Stay Safe
Dark Mode

FBI Warns of Account Takeover Fraud: How to Stay Safe

FBI Warns of Account Takeover Fraud: How LorMet Members Can Stay Safe

New FBI Alert: Account Takeover Fraud Is on the Rise

The FBI’s Internet Crime Complaint Center recently issued a public service announcement about a sharp rise in Account Takeover (ATO) fraud. In these scams, criminals impersonate financial institution support staff to trick people into handing over their online banking credentials or one-time passcodes.

Since January 2025, IC3 has received more than 5,100 complaints involving account takeover schemes, with reported losses exceeding $262 million. While this alert is nationwide, the threat is something our members here at LorMet Community Federal Credit Union should pay close attention to.

LorMet’s fraud team will NEVER call you and ask for your social security number, full card number, account number, PIN number, online banking login, or the 3-digit code on the back of your LorMet card.
Any request for this information is fraudulent. DO NOT share this information with anyone over the phone under any circumstances.

What Is Account Takeover (ATO) Fraud?

Account takeover fraud happens when a criminal gains unauthorized access to your financial account, often your online or mobile banking, and then locks you out and moves your money.

Here’s how scammers typically operate:

  • Impersonating your financial institution: Fraudsters call, email, or text you pretending to be from your bank or credit union, “fraud department,” “tech support,” or “security team.” They may claim there is suspicious activity or an urgent problem with your account. WATCH OUR VIDEO
  • Pressuring you to act fast: They create a sense of urgency, saying your money is at immediate risk, so that you feel rushed and less likely to double-check their claims.
  • Stealing login and security codes: They ask for your online banking username and password, or pressure you to read back a one-time passcode or multi-factor authentication (MFA) code sent to your phone or email.
  • Using fake websites and ads: Some scams use look-alike banking sites or fraudulent ads in search results that direct you to phishing pages designed to capture your login details. WATCH OUR VIDEO
  • Hijacking your account: Once they have your credentials and code, they log in, change your password, lock you out of your own account, and quickly move funds, often to other banks or cryptocurrency wallets.

In some cases, scammers may even bring a second caller into the conversation who pretends to be law enforcement, adding more pressure and a false sense of legitimacy.

Red Flags to Watch For

Stop and think if you experience any of these warning signs:

  • Someone claiming to be from LorMet asks for your social security number, full card number, account number, PIN number, online banking login, or the 3-digit code on the back of your LorMet card.
  • You’re pressured to act immediately or threatened with account closure or loss of funds.
  • You’re asked to move money to a “safe” or “temporary” account for protection.
  • The caller ID, email address, or web address looks slightly off or unfamiliar.
  • You’ve clicked on a link and the login page looks different than usual.

When in doubt, hang up, close your browser, and contact LorMet directly at (440) 960-6600.

What to Do If You Suspect Account Takeover Fraud

If you think you may have shared information with a scammer or noticed unauthorized activity, take action immediately:

  1. Contact LorMet right away.
    Call us at (440) 960-6600 as soon as possible so we can help secure your accounts, review recent activity, and attempt to recall or reverse unauthorized transactions where possible.
  2. Change your passwords.
    Update your LorMet online banking password and any other accounts that share the same or similar passwords. Turn on multi-factor authentication everywhere you can.
  3. Report the scam to IC3.
    File a complaint with the FBI’s Internet Crime Complaint Center at IC3.gov. Include as many details as possible: how you were contacted, any phone numbers or email addresses used, website links, and where your funds were sent.
  4. Save all evidence.
    Keep screenshots, emails, text messages, and any other records tied to the scam. These can help investigators and may assist in recovery efforts.

LorMet Is Your Partner in Fraud Prevention

At LorMet Community Federal Credit Union, protecting your accounts and personal information is a top priority. We invest in security tools like LorMet CardControl and EnFact Fraud Detection, but your awareness and actions are just as important in preventing account takeover fraud.

If you’re ever unsure whether a message, phone call, or website is really from LorMet, please reach out to us before taking any action. We’re happy to verify and help.

Have questions or need to report suspicious activity?
Call us immediately at (440) 960-6600.

How LorMet Members Can Protect Their Accounts

The good news is that a few smart habits can dramatically reduce your risk. Here are practical steps based on guidance from the FBI Internet Crime Complaint Center and best practices in financial cybersecurity:

  • Use strong, unique passwords. Avoid using the same password across multiple accounts. A password manager can help you create and store long, complex passwords. WATCH OUR VIDEO
  • Enable multi-factor authentication (MFA). Turn on MFA wherever it is offered, especially on financial, email, and payroll accounts. When possible, use app-based or hardware-based authentication rather than SMS alone.
  • Never share one-time passcodes or MFA codes. LorMet will never ask you to read a one-time passcode or verification code over the phone, email, or text. If someone asks for it, it’s a scam.
  • Be cautious with unsolicited contact. If you receive an unexpected call, email, or text claiming to be from LorMet about suspicious activity, hang up or ignore the message. Then, contact us using the phone number listed on our official website or your account statement.
  • Limit what you share publicly. Be mindful of sharing personal details like your birthday, pet names, or schools on social media. Scammers can use this information to guess passwords or answer security questions.
  • Monitor your accounts regularly. Log in frequently to review your balances and transaction history. Report any unfamiliar activity right away.

Stay Informed. Stay Secure.

Account takeover fraud is a growing threat, but by staying informed and following these best practices, you can significantly reduce your risk. Take a few minutes today to review your security settings, update your passwords, and set up multi-factor authentication where possible.

Please share this article with family and friends who are also LorMet members. Together, we can help protect our community from financial fraud.

Source: FBI Internet Crime Complaint Center (IC3) public service announcement on account takeover fraud, November 25, 2025.

Category: Security
Last Updated: December 02, 2025